Re: Linux System Users Login/Password?
- From: David Haynes <david.haynes2@xxxxxxxxxxxx>
- Date: Tue, 13 Jun 2006 06:17:37 -0400
Vincent Pirez wrote:
Hi,PHP has a function named 'crypt' that will encrypt strings in the same way the password is encrypted into the password file. It takes a password string and a salt string.
Has anyone managed to code anything that will verify the username and password of a user against the /etc/shadow file?
I need to authenticate users based on their local system accounts, but unfortunately need to do this without recompiling PHP or Apache with custom modules.
So far I've managed to pull all of the shadow password strings out and into a database, but is there any way of 'matching' the encrypted strings if you are given the plain text version, like with md5?
Thanks in advance,
Vince.
The encryption algorithm may vary but is typically either a two character salt (CRYPT_STD_DES) or an MD5 salt (CRYPT_MD5). The MD5 encryptions are guaranteed to start with a '$' sign.
So, for example, let's say your shadow entry is:
web:$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.:13007:0:99999:7:::
This is a MD5 encrypted password.
if( crypt($password, $salt) == '$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.')) {
// password is correct
}
Do you really want to pull all the shadow entries into a database? Why not read the file directly and explode() the entries? It seems to me that you will have synchronization issues the other way.
-david-
.
- Follow-Ups:
- Re: Linux System Users Login/Password?
- From: Vincent Pirez
- Re: Linux System Users Login/Password?
- References:
- Linux System Users Login/Password?
- From: Vincent Pirez
- Linux System Users Login/Password?
- Prev by Date: Re: Can I use PHP to create a desktop icon?
- Next by Date: Re: Recommand Best inventory software
- Previous by thread: Linux System Users Login/Password?
- Next by thread: Re: Linux System Users Login/Password?
- Index(es):
Relevant Pages
|
